Hiding the Base Station in WSNs ! Ruben Rios 1 , Jorge Cuellar 2 , - - PowerPoint PPT Presentation

Hiding the Base Station in WSNs!

Ruben Rios1, Jorge Cuellar2, Javier Lopez1!

1NICS Lab – University of Málaga! 2Siemens AG, Munich!

JITEL 2013 – 28-30 Oct. Granada (Spain)

Motivation!

! Receiver-location privacy is concerned with hiding the location of the BS!

– Physical protection! – Strategic information!

! ! ! ! ! ! These problems are extensible to any WSN scenario (e.g., sealife monitoring, smart metering, etc.)!

1

Motivation!

! WSN solutions are designed to maximize the lifetime of the network!

– Data is transmitted using single-path routing algorithms as soon as an event is detected!

! Routing protocols introduce pronounced traffic patterns because all the data is address to the base station (BS)!

– Nodes transmit shortly after" receiving a packet! – Traffic volume is higher as " we approach the BS" !

! !

2

Agenda!

! Motivation! ! Problem Statement! ! Hiding Scheme! ! Evaluation! ! Conclusion!

3

Problem Statement!

! Network model!

– Vast deployment area ! – Densely populated network! – A single base station! – Event-driven monitoring application! – Sensor nodes share cryptographic keys!

! Adversary model!

– Passive eavesdropper with local vision! – Cannot decrypt messages! – Cannot distinguish real from bogus traffic! – Can move in the field based on!

• Time-correlation (flow direction)!
• Rate-monitoring (traffic volume)!

– Can capture a portion of the nodes !

!

4

10

BS

Data transmission!

! The idea is to locally homogenise the number of packets sent by a node to its neighbours such that!

– Real traffic reaches the BS! – The attacker gains no information !

! Whenever a node has to transmit, it sends two messages!

– Real message: follows a biased random walk! – Fake message: must serve as traffic normaliser!

! !

5

10 10 10 10 10 10 10

Data transmission!

! We require three properties to ensure the usability (Prop 1) and security (Prop 2, 3) of the system!

– Prop 1: Convergence! – Prop 2: Homogeneity! – Prop 3: Exclusion!

!

6

Data transmission!

! The previous properties can be ensured by means of a computationally inexpensive approach!

– Sorted combinations without repetition of two neighbours! – Select one of the combinations uniformly at random!

! !

7

x A B C D E F

Data transmission!

! The previous properties can be ensured by means of a computationally inexpensive approach!

– Sorted combinations without repetition of two neighbours! – Select one of the combinations uniformly at random!

! !

8

x A B C D E F 0 0 1 0 0 0 0 0 0 0 0 1

Data transmission!

! The previous properties can be ensured by means of a computationally inexpensive approach!

– Sorted combinations without repetition of two neighbours! – Select one of the combinations uniformly at random!

! !

9

x A B C D E F 0 0 1 0 1 0 0 0 0 1 0 1

Data transmission!

! The previous properties can be ensured by means of a computationally inexpensive approach!

– Sorted combinations without repetition of two neighbours! – Select one of the combinations uniformly at random!

! !

10

x A B C D E F 1 0 1 0 1 1 0 0 0 1 0 1

Data transmission!

! The previous properties can be ensured by means of a computationally inexpensive approach!

– Sorted combinations without repetition of two neighbours! – Select one of the combinations uniformly at random!

! !

11

x A B C D E F 1 0 1 0 1 1 0 1 1 1 0 1

Data transmission!

! Every nodes receives, on average, the same number of packets ! ! Real traffic has been most likely transmitted to nodes closer

• r at equal distance (A,B, C) to the base station!

– Although some nodes further (E) might also receive real traffic!

! !

12

x A B C D E F 1 0 1 0 1 1 0 1 1 1 0 1

Data transmission!

! Moreover, recall that the attacker cannot distinguish real from bogus traffic!

– Therefore, what the attacker sees locally gives him no information about the direction to the base station!

! !

13

x A B C D E F 1 1 2 1 2 1

Node Compromise!

! However, this protection mechanism becomes useless if the attacker has direct access to the routing tables of the node!

– Node capture attacks are likely due to the unattended nature of WSNs!

! Routing tables are sorted (LC, LE, LF) to allow the data transmission protocol to ensure the Convergence Property!

– Leaks the direction to the BS!

! !

14

x A B C D E F

Node Compromise!

! We introduce a routing table perturbation scheme that re- arranges the elements of the table!

– Still ensure that Prob(n LC) > Prob(n LF)!

! An optimisation algorithm is used to perturb the tables to a desired degree (bias [-1,1])!

– Trade-off between security and delivery time!

!

15 ∈ ∈

A B C D E

F

R1

c1 cm

F1 R2 F2

c2

Fm Rm R10 F10 c10

n − 1 n − 1

n + 1 n + 1

n n

neighs(x) distance C n E n + 1 A n − 1 B n − 1 D n F n + 1

∈

Evaluation: Usability!

! Message delivery time is affected by the probabilistic nature of the protocol! ! The routing table perturbation mechanism also impacts negatively on the delivery time!

– Hop count is below 100 for a bias greater than 0.2!

!

! ! !

16

xn = 1 + pxn−1 + qxn + rxn+1

distance to sink average path length

5 10 15 20 10 20 30 40 50 60 70 4 neigh 8 neigh 12 neigh 20 neigh 0.1 0.2 0.3 0.4 0.5 0.6 0.7 100 200 300 400 500 600 700 800 900

mean hop count desired bias

8 neigh 12 neigh 20 neigh 4 neigh

Evaluation: Usability!

! The use of fake traffic impacts on the network lifetime! ! The durability of fake traffic is controlled by a parameter, which is dependent on the hearing range (n) of the adversary!

– Discarded after several hops!

! The hearing range of a " typical adversary is n =1 (local adversary)! ! !

17

1 2 3 4 5 10 15 20 25 30

ratio falso-real rango del adversario

Evaluation: Privacy!

! We have verified the privacy protection level of our solution for different types of adversaries!

– Passive eavesdroppers should better move at random! – Active attackers must capture more than 1/10 of nodes to be successful!

18

4 8 12 20 0.05 0.1 0.15 0.2 0.25 0.3 0.35 random rate monitoring time correlation

success rate network configuration

50 100 150 200 250 300 350 400 450 500 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 4 neigh 8 neigh 12 neigh 20 neigh

network bias mean captures

Conclusion!

! The location of the base station is critical for the survivability and privacy of the network! ! We present a receiver-location privacy solution capable of countering both passive and active attackers! ! ! The protection mechanism introduce additional overhead and impacts on the delivery time but it includes two parameters to balance between usability and security! ! Future work!

– Reduce the overhead caused by fake traffic! – Protect the topology discovery process!

!

19

Thanks for your attention!!

NICS Lab – University of Málaga!

https://www.nics.uma.es/! !

JITEL 2013 – 28-30 Oct. Granada (Spain)

Extra Slides!

NICS Lab – University of Málaga!

https://www.nics.uma.es/! !

JITEL 2013 – 28-30 Oct. Granada (Spain)

Analysis of Potential Limitations!

! The topology of the network might negatively impact the convergence of real packets!

– Theorem: Real messages reach the base station if !

! Validation on randomly deployed networks! ! !

22

F < p 2C(S − C)

100 150 200 250 300 350 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8

network size probability isolated nodes

100 150 200 250 300 350

1 2 3 4 5

equal(E) further(F) closer(C) p 2C(S − C)

6 7

network size average number of neighbors